Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/6369e6-2304-4922-afdf-e93e2eba69b9/1/XFCSXye-JnBOg9hkUt9_8ox3-Uw.roa
File:                     XFCSXye-JnBOg9hkUt9_8ox3-Uw.roa (raw, json)
Hash identifier:          FoESmWnbukcz+6JNvVonKCdjus3ZKbyt/TOI4oU59NU=
Subject key identifier:   5C:50:92:5F:27:BE:26:70:4E:83:D8:64:52:DF:7F:F2:8C:77:F9:4C
Certificate issuer:       /CN=bb190d102ac9603b405b36374d429868604937af
Certificate serial:       01942143E006800C1901BE1C61D06DE549C5
Authority key identifier: BB:19:0D:10:2A:C9:60:3B:40:5B:36:37:4D:42:98:68:60:49:37:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uxkNECrJYDtAWzY3TUKYaGBJN68.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/6369e6-2304-4922-afdf-e93e2eba69b9/1/XFCSXye-JnBOg9hkUt9_8ox3-Uw.roa
Signing time:             Wed 01 Jan 2025 09:48:03 +0000
ROA not before:           Wed 01 Jan 2025 09:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204415
IP address blocks:        185.148.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/6369e6-2304-4922-afdf-e93e2eba69b9/1/uxkNECrJYDtAWzY3TUKYaGBJN68.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/6369e6-2304-4922-afdf-e93e2eba69b9/1/uxkNECrJYDtAWzY3TUKYaGBJN68.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uxkNECrJYDtAWzY3TUKYaGBJN68.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 09:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e0:06:80:0c:19:01:be:1c:61:d0:6d:e5:49:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb190d102ac9603b405b36374d429868604937af
        Validity
            Not Before: Jan  1 09:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c50925f27be26704e83d86452df7ff28c77f94c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:f7:fd:64:f7:de:4a:67:38:82:29:15:3e:98:
                    c4:2e:3e:e7:10:fe:dd:0e:9e:a0:d6:6c:2a:e6:ce:
                    04:bc:4a:21:b0:e4:39:2d:93:4b:9b:e9:82:95:d3:
                    3b:75:05:2f:7b:bc:6b:91:52:3b:97:e3:7d:8e:eb:
                    cd:24:39:25:ea:51:2b:e3:9e:85:b8:8d:41:0b:56:
                    2b:92:0e:39:7b:46:28:22:83:7b:78:d4:b3:45:57:
                    46:5d:c4:de:26:6f:e0:bb:8a:fc:77:3d:fa:46:5b:
                    95:d8:8f:2d:8a:fe:dc:67:bb:5a:1d:53:af:13:35:
                    29:83:19:d3:56:94:29:53:f2:ab:d9:14:ef:76:8e:
                    7a:62:3d:e8:ca:13:32:9c:0c:67:e5:a3:10:ae:6d:
                    f7:91:ee:b8:5f:65:84:b5:92:a3:10:36:c3:65:77:
                    8b:65:bb:71:22:83:d7:ec:62:d4:2a:0e:f2:29:56:
                    8f:69:23:8f:8b:ac:02:20:7a:f8:1b:1e:23:b3:bf:
                    e8:57:19:5f:ef:e7:91:85:1e:88:db:c9:ac:65:87:
                    3b:bd:17:6f:5c:61:f2:f2:9a:47:ca:4e:02:4a:e4:
                    b7:63:c0:d1:f4:19:5f:bf:07:df:e1:1a:06:b8:c2:
                    28:0f:84:e2:7c:f5:48:a3:d6:b1:19:c8:da:c9:62:
                    a0:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:50:92:5F:27:BE:26:70:4E:83:D8:64:52:DF:7F:F2:8C:77:F9:4C
            X509v3 Authority Key Identifier:
                keyid:BB:19:0D:10:2A:C9:60:3B:40:5B:36:37:4D:42:98:68:60:49:37:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uxkNECrJYDtAWzY3TUKYaGBJN68.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/6369e6-2304-4922-afdf-e93e2eba69b9/1/XFCSXye-JnBOg9hkUt9_8ox3-Uw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/6369e6-2304-4922-afdf-e93e2eba69b9/1/uxkNECrJYDtAWzY3TUKYaGBJN68.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:5a:47:7e:4d:d0:c5:3d:b0:22:62:4c:ae:01:08:ed:d5:f7:
         3a:6d:f3:c2:b4:9f:ee:3b:f8:de:e5:56:0d:74:06:7b:a9:fc:
         90:4a:4e:0b:f1:4a:8f:ab:db:12:4d:f3:01:e5:b7:d2:55:0d:
         61:10:71:11:b8:6d:bd:06:e3:49:28:fc:fb:d8:73:27:79:ad:
         58:79:78:64:77:98:93:f3:40:29:8c:d0:ae:e1:f9:65:50:76:
         97:39:6a:cf:04:4b:f6:7e:e2:e6:e5:72:10:90:06:7e:4a:35:
         f0:db:eb:5e:0b:7e:7b:07:5c:fa:e1:21:bf:e5:71:5b:29:0b:
         5c:19:6c:72:d8:b8:d1:16:f8:f8:13:05:ec:0f:96:09:ac:6f:
         71:82:30:d8:2e:63:f2:6e:f4:b0:4e:87:88:e5:de:4d:3a:33:
         06:ea:23:40:ad:8b:10:1b:8d:e3:b7:15:c4:ed:41:02:da:e8:
         16:4e:15:84:5e:f3:64:4c:19:37:14:54:45:05:92:fd:04:46:
         7b:18:26:34:d2:a3:0e:e2:11:aa:b1:6a:99:41:da:1b:e2:6b:
         4c:82:86:89:06:08:82:df:e8:ee:b9:7a:5c:98:b5:2c:5c:26:
         75:e4:70:0c:87:76:7e:7c:0b:53:2c:e1:c4:45:fa:55:ba:7a:
         ec:3f:c6:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ+AGgAwZAb4cYdBt5UnFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiMTkwZDEwMmFjOTYwM2I0MDViMzYzNzRkNDI5ODY4NjA0
OTM3YWYwHhcNMjUwMTAxMDk0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzUwOTI1ZjI3YmUyNjcwNGU4M2Q4NjQ1MmRmN2ZmMjhjNzdmOTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3vf9ZPfeSmc4gikVPpjELj7nEP7d
Dp6g1mwq5s4EvEohsOQ5LZNLm+mCldM7dQUve7xrkVI7l+N9juvNJDkl6lEr456F
uI1BC1Yrkg45e0YoIoN7eNSzRVdGXcTeJm/gu4r8dz36RluV2I8tiv7cZ7taHVOv
EzUpgxnTVpQpU/Kr2RTvdo56Yj3oyhMynAxn5aMQrm33ke64X2WEtZKjEDbDZXeL
ZbtxIoPX7GLUKg7yKVaPaSOPi6wCIHr4Gx4js7/oVxlf7+eRhR6I28msZYc7vRdv
XGHy8ppHyk4CSuS3Y8DR9Blfvwff4RoGuMIoD4TifPVIo9axGcjayWKgEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxQkl8nviZwToPYZFLff/KMd/lMMB8GA1UdIwQY
MBaAFLsZDRAqyWA7QFs2N01CmGhgSTevMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXhrTkVDckpZRHRBV3pZM1RVS1lhR0JKTjY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS82MzY5ZTYtMjMwNC00OTIyLWFmZGYt
ZTkzZTJlYmE2OWI5LzEvWEZDU1h5ZS1KbkJPZzloa1V0OV84b3gzLVV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS82MzY5ZTYtMjMwNC00OTIyLWFmZGYtZTkzZTJlYmE2OWI5
LzEvdXhrTkVDckpZRHRBV3pZM1RVS1lhR0JKTjY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZQSMA0G
CSqGSIb3DQEBCwUAA4IBAQANWkd+TdDFPbAiYkyuAQjt1fc6bfPCtJ/uO/je5VYN
dAZ7qfyQSk4L8UqPq9sSTfMB5bfSVQ1hEHERuG29BuNJKPz72HMnea1YeXhkd5iT
80ApjNCu4fllUHaXOWrPBEv2fuLm5XIQkAZ+SjXw2+teC357B1z64SG/5XFbKQtc
GWxy2LjRFvj4EwXsD5YJrG9xgjDYLmPybvSwToeI5d5NOjMG6iNArYsQG43jtxXE
7UEC2ugWThWEXvNkTBk3FFRFBZL9BEZ7GCY00qMO4hGqsWqZQdob4mtMgoaJBgiC
3+juuXpcmLUsXCZ15HAMh3Z+fAtTLOHERfpVunrsP8aF
-----END CERTIFICATE-----